Troj/Agent-GXM

Category:	Viruses and Spyware	Protection available since:	30 Oct 2009 12:02:33 (GMT)
Type:	Trojan	Last Updated:	07 Feb 2011 05:19:20 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Agent-GXM include:

Example 1

Other vendor detection

Avira: TR/Autoit.CI.14
Kaspersky: Worm.Win32.AutoRun.hnw
Trend: WORM_DELF.FKZ

Runtime Analysis

Copies Itself To

C:\WINDOWS\regsvr.exe
C:\WINDOWS\system32\regsvr.exe
C:\WINDOWS\system32\svchost .exe

Dropped Files

C:\WINDOWS\system32\setup.ini

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NofolderOptions
0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\Schedule
AtTaskMaxHours
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares
shared
\New Folder .exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
GlobalUserOffline
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Msn Messsenger
C:\WINDOWS\system32\regsvr.exe

Registry Keys Modified

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe regsvr.exe

Processes Created

c:\windows\system32\at.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://www.yahoo.com/setting.doc
http://www.yahoo.com/setting.xls
http://yahoo.com/setting.doc

DNS Requests

www.yahoo.com
yahoo.com

Example 2

Other vendor detection

Trend: Mal_Otorun2

Example 3

Other vendor detection

Avira: INF/AutoRun.lj.7
Kaspersky: Trojan.Win32.AutoRun.ke
Trend: Mal_Otorun2

Try Sophos products for free
Download now